Your message dated Thu, 08 Jul 2004 14:17:05 -0400 with message-id <[EMAIL PROTECTED]> and subject line Bug#241579: fixed in apache2 2.0.50-3 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Date: Sun, 4 Jul 2004 23:53:09 +0200
From: Sander Smeenk <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Clean up environment before start?

Package: apache2-common
Version: 2.0.49-1
Severity: minor

Hello.

Recently I discovered that when cgi-scripts read out the environment table, what they would see was root's environment set at the moment of starting apache2. In my case, this contained my full name, my full email address, IRC nick, IRC server etc, etc, because I one time copied the .zshrc from my normal user to root's account.

I didn't really like this information leakage, especially since more and more people start using my server to host websites on. But then again, it was pretty much expectable behaviour that needs a fix. :)

My idea to solve this was to clean the environment before actually starting the daemon. A trivial little diff is attached. I think it would really be nice to put this in. There's really no need for LS_COLORS, LESSOPEN, LESSCLOSE, or READNULLCMD environment variables to Apache. ;)

With my regards,
Sander.
--
| For tech support dial exactly the value of 22 divided by 7.
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D

Content-Disposition: attachment; filename="apache2.diff"

--- etc/init.d/apache2.orig 2004-07-04 23:50:21.000000000 +0200 +++ etc/init.d/apache2 2004-07-04 23:50:40.000000000 +0200 
@@ -3,7 +3,15 @@ # apache2 This init.d script is used to start apache2. # It basically just calls apache2ctl. -PATH=/sbin:/bin:/usr/sbin:/usr/bin +for envkey in `env | cut -d'=' -f1` +do + unset $envkey +done + +export PATH=/sbin:/bin:/usr/sbin:/usr/bin +export PWD=`pwd` +export HOME='/tmp' +export PS1='[EMAIL PROTECTED]:\w\$ ' #[ `ls -1 /etc/apache2/sites-enabled/ | wc -l | sed -e 's/ *//;'` -eq 0 ] && \ #echo "You haven't enabled any sites yet, so I'm not starting apache2." && \
---------------------------------------
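Review bot: the added "export HOME='/tmp'" points the daemon's home directory at a world-writable location, so anything started from this script that reads dotfiles from $HOME can be handed files planted by a local user; leave HOME unset or point it at a directory only root can write. The "for envkey in `env | cut -d'=' -f1`" loop takes every line of env output as a variable name, so a value containing a newline produces tokens that are not names, and "unset $envkey" is unquoted; calling apache2ctl through "env -i" with an explicit list of variables avoids parsing env output at all. PS1 and PWD are not needed by a non-interactive daemon and still end up in the CGI environment this change is meant to trim.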
From: Thom May <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#241579: fixed in apache2 2.0.50-3
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Thu, 08 Jul 2004 14:17:05 -0400

Source: apache2
Source-Version: 2.0.50-3

We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive:

apache2-common_2.0.50-3_sparc.deb
  to pool/main/a/apache2/apache2-common_2.0.50-3_sparc.deb
apache2-doc_2.0.50-3_all.deb
  to pool/main/a/apache2/apache2-doc_2.0.50-3_all.deb
apache2-mpm-perchild_2.0.50-3_sparc.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.0.50-3_sparc.deb
apache2-mpm-prefork_2.0.50-3_sparc.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.0.50-3_sparc.deb
apache2-mpm-threadpool_2.0.50-3_sparc.deb
  to pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-3_sparc.deb
apache2-mpm-worker_2.0.50-3_sparc.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.0.50-3_sparc.deb
apache2-prefork-dev_2.0.50-3_all.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.0.50-3_all.deb
apache2-threaded-dev_2.0.50-3_all.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.0.50-3_all.deb
apache2_2.0.50-3.diff.gz
  to pool/main/a/apache2/apache2_2.0.50-3.diff.gz
apache2_2.0.50-3.dsc
  to pool/main/a/apache2/apache2_2.0.50-3.dsc
apache2_2.0.50-3_sparc.deb
  to pool/main/a/apache2/apache2_2.0.50-3_sparc.deb
libapr0-dev_2.0.50-3_sparc.deb
  to pool/main/a/apache2/libapr0-dev_2.0.50-3_sparc.deb
libapr0_2.0.50-3_sparc.deb
  to pool/main/a/apache2/libapr0_2.0.50-3_sparc.deb

A summary of the changes between this version and the previous one is attached.
Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thom May <[EMAIL PROTECTED]> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Thu, 8 Jul 2004 16:04:31 +0100
Source: apache2
Binary: apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-threadpool apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source all sparc
Version: 2.0.50-3
Distribution: unstable
Urgency: high
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Thom May <[EMAIL PROTECTED]>
Description:
 apache2 - Next generation, scalable, extendable web server
 apache2-common - Next generation, scalable, extendable web server
 apache2-doc - Documentation for apache2
 apache2-mpm-perchild - Experimental High speed perchild threaded model for Apache2
 apache2-mpm-prefork - Traditional model for Apache2
 apache2-mpm-threadpool - Experimental High speed thread pool model for Apache2
 apache2-mpm-worker - High speed threaded model for Apache2
 apache2-prefork-dev - Development headers for apache2
 apache2-threaded-dev - Development headers for apache2
 libapr0 - The Apache Portable Runtime
 libapr0-dev - Development headers for libapr
Closes: 232956 241579 244847 252918 258202 258217
Changes:
 apache2 (2.0.50-3) unstable; urgency=high
 .
   * Brown paper bag of epic proportion. Build all mpms with the proper
     collection of libraries. (Closes: #258217, #258202)
   * Clean up environment (Closes: #241579)
   * Clarify prefork description (Closes: #252918)
   * Make apache2-default/manual DTRT (Closes: #244847)
   * Note that we don't ship INSTALL or README.platforms (Closes: #232956)
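
A check an administrator can run to see whether a daemon carries variables from the shell that started it, which is the leak described in the bug report above. This is an added example, not part of the original report or of the Debian package; the allowlist and the sample values are assumptions, and /proc/<pid>/environ is Linux-specific.

```shell
#!/bin/sh
# Audit which variables a process was started with.
# Reads a NUL-separated environment block (the format of /proc/<pid>/environ
# on Linux) and prints every variable NAME that is not on the allowlist.
# The allowlist is an assumption for illustration; adjust it per service.
ALLOWED="PATH LANG PWD HOME"

audit_environ() {
    # $1: path to an environ-format file.
    # Newlines inside values become spaces first, then NUL becomes the
    # record separator, so a multi-line value cannot fake extra entries.
    tr '\n\0' ' \n' < "$1" | while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        name=${entry%%=*}                # text before the first '='
        case " $ALLOWED " in
            *" $name "*) ;;              # expected, stay quiet
            *) printf '%s\n' "$name" ;;  # unexpected: report the name only, never the value
        esac
    done
}

# Constructed sample: what a daemon started from a customised root shell
# might carry (all values are made up, one of them spans two lines).
make_sample() {
    printf 'PATH=/sbin:/bin:/usr/sbin:/usr/bin\0LS_COLORS=di=01;34\0' > "$1"
    printf 'LESSOPEN=| /usr/bin/lesspipe %%s\0NAME=Example\nUser\0HOME=/tmp\0' >> "$1"
}

if [ "${1:-}" = "--demo" ]; then
    f=$(mktemp) && make_sample "$f" && audit_environ "$f"
    rm -f "$f"
elif [ -n "${1:-}" ]; then
    audit_environ "/proc/$1/environ"     # $1 is a PID; needs read access to that process
fi
```

Run it with a PID to inspect a live process, or with --demo to see the constructed sample; any name it prints is something CGI scripts under that daemon can read.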